The BeBop Sync service moves content from S3 to BeBop editorial storage. To allow this, customers can attach the following bucket policy to their S3 buckets, which grants BeBop access without sharing AWS keys.
Replace BebopCustomerRole with the role provided to you and BucketName with the name of the bucket the policy is applied to.
Policies
Read-Write
{
    "Version": "2012-10-17",
    "Id": "Policy1500414757803",
    "Statement": [
        {
            "Sid": "Stmt1500414754089",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::320920465553:role/BebopCustomerRole",
                    "arn:aws:iam::320920465553:user/BebopCustomerRole"
                ]
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:PutObject",
                "s3:PutObjectTagging"
            ],
            "Resource": [
                "arn:aws:s3:::BucketName",
                "arn:aws:s3:::BucketName/*"
            ]
        }
    ]
}
For Read-Only access, omit the following two actions, and remove the comma after "s3:GetObjectTagging" so the JSON stays valid:
    "s3:PutObject",
    "s3:PutObjectTagging"
Please provide us with the following information:
- If there are 2 buckets
    - Bucket name for content going into BeBop
        - Ex: /dark-knight-to-bebop
    - Bucket name for content coming out of BeBop
        - Ex: /dark-knight-from-bebop
- If there is only 1 bucket with read/write permissions
    - Bucket name and sub-folder for content going into BeBop
        - Ex: /dark-knight/trailer/dailies
    - Bucket name and sub-folder for content coming out of BeBop
        - Ex: /dark-knight/trailer/selects
Step By Step
1. Log in to the AWS Console and go to the S3 Console.
2. Click on the desired bucket.
3. Select the Permissions tab and click on Bucket Policy.
4. Paste the bucket policy (from above), replacing BebopCustomerRole and BucketName.
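A pre-paste check for step 4, as an added example that is not BeBop's or AWS's own tooling: it fills in the two placeholders and audits a policy text for the mistakes this procedure invites (leftover placeholders, the dangling comma left by the read-only edit, a principal outside the BeBop account, extra actions, wrong bucket). The function names build_policy and audit_policy are hypothetical, and the check assumes a policy with a Statement list as shown above.

```python
# Added example; build_policy/audit_policy are illustrative names, not BeBop tooling.
import json

BEBOP_ACCOUNT = "320920465553"  # account ID in the principal ARNs on this page
READ_ACTIONS = ["s3:ListBucket", "s3:GetObject", "s3:GetObjectTagging"]
WRITE_ACTIONS = ["s3:PutObject", "s3:PutObjectTagging"]
PLACEHOLDERS = ("BebopCustomerRole", "BucketName")

def build_policy(bucket, role, read_only=False):
    """Return the page's bucket policy with both placeholders filled in."""
    actions = READ_ACTIONS + ([] if read_only else WRITE_ACTIONS)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Stmt1500414754089",
            "Effect": "Allow",
            "Principal": {"AWS": [
                f"arn:aws:iam::{BEBOP_ACCOUNT}:role/{role}",
                f"arn:aws:iam::{BEBOP_ACCOUNT}:user/{role}",
            ]},
            "Action": actions,
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def audit_policy(policy_json, bucket, read_only=False):
    """List problems in a policy text before it is pasted into the console."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict) or not isinstance(policy.get("Statement"), list):
        return ["not a policy object with a Statement list"]
    problems = []
    if any(p in policy_json for p in PLACEHOLDERS):
        problems.append("placeholder not replaced")
    allowed = set(READ_ACTIONS + ([] if read_only else WRITE_ACTIONS))
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    as_list = lambda v: [v] if isinstance(v, str) else list(v or [])
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        arns = as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if not arns or any(not str(a).startswith(f"arn:aws:iam::{BEBOP_ACCOUNT}:") for a in arns):
            problems.append("principal outside the BeBop account")
        extra = set(as_list(stmt.get("Action"))) - allowed
        if extra:
            problems.append(f"unexpected actions: {sorted(extra)}")
        if set(as_list(stmt.get("Resource"))) != wanted:
            problems.append("resources do not match the bucket")
    return problems
```

An empty list from audit_policy means the text matches the policy on this page for the given bucket and access level.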
References:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html